How do I define system-access-group-based data security policies?
Let's say you're an HR Help Desk Administrator, Internal Help Desk Administrator or IT Security Manager. Then you can use system access groups and predefined rules to support help desk request data security for your users.
Every standard job role provided by Oracle has a corresponding system access group. The predefined object-sharing rules assigned to each system access group provide the same access to help desk request data as provided by the standard job roles.
System access groups provide you an alternative way to manage a user's access to help desk request data. You can also create access extension rules to extend the access provided by the predefined rules to related objects.
System access groups are active by default. But the predefined object-sharing rules associated with each system access group are inactive by default. So you must activate these rules before you can use them. The association between system groups and predefined rules is also disabled by default. So for each system group, you must also enable the predefined rules you want to apply to the group.
The following table lists the predefined object-sharing rules for system access groups along with their descriptions.
|
S. no. |
Predefined rule name |
This rule provides access to: |
|---|---|---|
|
1 |
All Service Requests |
All service requests. |
|
2 |
All CRM Service Requests |
Access to all CRM service requests. |
|
3 |
CRM Business Unit Service Requests |
All CRM service requests associated with the user's business units. |
|
4 |
CRM Partner Service Requests |
All CRM partner service requests. |
|
5 |
CRM Business Unit Partner Service Requests |
CRM partner service requests associated with the user's business units. |
|
6 |
CRM Service Request Queue Member |
All CRM service requests assigned to queues that the user is a member. |
|
7 |
CRM Service Request Queue Member Hierarchy |
All CRM service requests assigned to queues that the user's subordinates are a member. |
|
8 |
CRM Service Request Team |
All CRM service requests where the user is on the SR team. |
|
9 |
CRM Service Request Team Hierarchy |
All CRM service requests where the user's subordinates are on the SR team. |
|
10 |
CRM Service Request Assignee |
All CRM service requests where the user is the assignee. |
|
11 |
CRM Service Request Assignee Hierarchy |
All CRM service requests where the user's subordinates are the assignee. |
|
12 |
CRM Service Request Creator |
All CRM service requests where the user created the SRs. |
|
13 |
CRM Service Request Creator Hierarchy |
All CRM service requests where the user's subordinates created the SRs. |
|
14 |
CRM Service Request Partner Account |
All service requests where the SR is associated with the user's partner account. |
|
15 |
CRM Service Request Contact |
All CRM service requests where the user is an SR contact. |
|
16 |
All HR Service Requests |
All HR service requests. |
|
17 |
HR Business Unit Service Requests |
All HR service requests associated with the user's business units. |
|
18 |
HR Service Request Queue Member |
All HR service requests assigned to queues that the user is a member of. |
|
19 |
HR Service Request Queue Member Hierarchy |
All HR service requests assigned to queues that the user's subordinates are a member of. |
|
20 |
HR Service Request Team |
All HR service requests where the user is on the SR team. |
|
21 |
HR Service Request Team Hierarchy |
All HR service requests where the user's subordinates are on the SR team. |
|
22 |
HR Service Request Creator |
All HR service requests where the user created the SRs. |
|
23 |
HR Service Request Primary Contact |
All HR service requests where the user is the SR primary contact. |
|
24 |
HR Service Request Assignee |
All HR service requests where the user is the assignee. |
|
25 |
HR Service Request Assignee Hierarchy |
All HR service requests where the user's subordinates are the assignee. |